The forum.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.Referenceshttp://marc.info/?l=bugtraq&m=111446056205059&w=2
